A user trying to access the Web application protected by AuthMinder can be authenticated using any of the out-of-the-box credentials supported by AuthMinder.
In all the authentication mechanisms, the client is provided with an authentication token after every successful authentication. The authentication token is further used to prove that the client is already authenticated to the server. The authentication token is valid only for a certain interval, after which the client has to re-authenticate to the server.
All password type credentials namely, password, OTP, ArcotID OTP, and OATH OTP are based on the single-step authentication model, which means the credentials are passed by the client to the user and the server verifies the user credentials.
The following figure illustrates the typical authentication workflow.
However, ArcotID PKI and QnA are based on the challenge-response authentication model. These authentication mechanisms include multiple steps to authenticate users.
|
Copyright © 2013 CA.
All rights reserved.
|
|